Web Application Security
Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) Dec 21 2015 07:41PM
Francisco Amato (famato infobytesec com)
We are proud to present Faraday v1.0.16!

This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. If you have a
Pro or Corp license you can now create an Executive Report using only
confirmed vulnerabilities, saving you even more time.

A brand new feature that comes with v1.0.16 is the ability to group
vulnerabilities by any field in our Status Report view. Combine it
with bulk edit to manage your findings faster than ever!

This release also features several new features developed entirely by
our community.

Changes:
* Added group vulnerabilities by any field in our Status Report
* Added port to Service type target in new vuln modal
* Filter false-positives in Dashboard, Status Report and Executive Report

Filter in Status Report view
* Added Wiki information about running Faraday without configuring
CouchDB https://github.com/infobyte/faraday/wiki/APIs
* Added parametrization for port configuration on APIs
* Added scripts to:
- get all IPs from targets that have no services
(/bin/getAllIpsNotServices.py)
- get all IP addresses that have defined open port
(/bin/getAllbySrv.py) and get all IPs from targets without services
(/bin/delAllVulnsWith.py)
It's important to note that both these scripts hold a
variable that you can modify to alter its behaviour.
/bin/getAllbySrv.py has a port variable set to 8080 by default.
/bin/delAllVulnsWith.py does the same with a RegExp
* Added three Plugins:
- Immunity Canvas
- Dig
- Traceroute
* Refactor Plugin Base to update active WS name in var
* Refactor Plugins to use current WS in temp filename under
$HOME/.faraday/data. Affected Plugins:
- amap
- dnsmap
- nmap
- sslcheck
- wcscan
- webfuzzer
- nikto

Bug fixes:
* When the last workspace was null Faraday wouldn't start
* CSV export/import in QT
* Fixed bug that prevented the use of "reports" and "cwe" strings in
Workspace names
* Unicode support in Nexpose-full Plugin
* Fixed bug get_installed_distributions from handler exceptions
* Fixed bug in first run of Faraday with log path and API errors

More information:
https://github.com/infobyte/faraday
http://blog.infobytesec.com/2015/12/presenting-faraday-1016.html

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus